resource	yara_rule
behavioral3/memory/2472-246-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline
behavioral3/memory/2472-249-0x0000000000418D26-mapping.dmp	family_redline
behavioral3/memory/2548-262-0x0000000000418D32-mapping.dmp	family_redline

resource	yara_rule
behavioral3/files/0x000600000001267c-65.dat	aspack_v212_v242
behavioral3/files/0x000600000001267c-64.dat	aspack_v212_v242
behavioral3/files/0x00060000000126a2-63.dat	aspack_v212_v242
behavioral3/files/0x00060000000126a2-62.dat	aspack_v212_v242
behavioral3/files/0x00050000000130fe-69.dat	aspack_v212_v242
behavioral3/files/0x00050000000130fe-68.dat	aspack_v212_v242

pid	Process
1428	setup_install.exe
1880	Wed0901eb1dae126e32.exe
1876	Wed09abf83d9c2.exe
816	Wed09d27135e5a8b3b.exe
2040	Wed09d8d6edfaff2ac.exe
1824	Wed09e95ff6b5.exe
1420	Wed09abf83d9c2.exe
1596	Wed09f257bb7877d00b2.exe
1060	Wed0971f17486f8.exe
1324	Wed096a1bff61.exe
1980	XYB0bVL96aEKhA.exE
2044	Wed09977fdc12334.exe
1036	Wed09c42cad92c20f79.exe
1812	Wed09db0d52c38.exe
668	Process not Found
1928	Wed094c47c32b.exe
1104	mshta.exe
1728	Wed09d27135e5a8b3b.tmp
1696	8912629.exe
2096	Wed09d27135e5a8b3b.tmp

pid	Process
1120	setup_installer.exe
1120	setup_installer.exe
1120	setup_installer.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1428	setup_install.exe
1268	cmd.exe
1268	cmd.exe
668	Wed09cfb2f9758281d8.exe
1880	Wed0901eb1dae126e32.exe
1880	Wed0901eb1dae126e32.exe
1348	cmd.exe
1876	Wed09abf83d9c2.exe
1876	Wed09abf83d9c2.exe
816	Wed09d27135e5a8b3b.exe
816	Wed09d27135e5a8b3b.exe
1680	cmd.exe
1480	cmd.exe
1664	cmd.exe
1876	Wed09abf83d9c2.exe
2040	Wed09d8d6edfaff2ac.exe
2040	Wed09d8d6edfaff2ac.exe
1420	Wed09abf83d9c2.exe
1420	Wed09abf83d9c2.exe
1952	cmd.exe
1952	cmd.exe
1824	Wed09e95ff6b5.exe
1824	Wed09e95ff6b5.exe
932	cmd.exe
932	cmd.exe
1224	cmd.exe
544	cmd.exe
916	cmd.exe
860	cmd.exe
860	cmd.exe
1376	cmd.exe
1376	cmd.exe
976	cmd.exe
1708	cmd.exe
816	Process not Found
1060	Wed0971f17486f8.exe
1060	Wed0971f17486f8.exe
1036	Wed09c42cad92c20f79.exe
1036	Wed09c42cad92c20f79.exe
1928	Wed094c47c32b.exe
1928	Wed094c47c32b.exe
1980	XYB0bVL96aEKhA.exE
1980	XYB0bVL96aEKhA.exE
668	Process not Found
668	Process not Found
1104	mshta.exe
1104	mshta.exe
1812	Wed09db0d52c38.exe
1812	Wed09db0d52c38.exe
1728	Wed09d27135e5a8b3b.tmp
1728	Wed09d27135e5a8b3b.tmp
1728	Wed09d27135e5a8b3b.tmp
1728	Wed09d27135e5a8b3b.tmp
1696	8912629.exe

flow	ioc
72	ipinfo.io
113	freegeoip.app
115	freegeoip.app
116	freegeoip.app
118	freegeoip.app
11	ip-api.com
44	ipinfo.io
45	ipinfo.io

resource	yara_rule
behavioral3/files/0x00050000000132da-107.dat	autoit_exe
behavioral3/files/0x00050000000132da-150.dat	autoit_exe
behavioral3/files/0x00050000000132da-159.dat	autoit_exe
behavioral3/files/0x00050000000132da-175.dat	autoit_exe
behavioral3/files/0x00050000000132da-176.dat	autoit_exe

pid	pid_target	Process	procid_target
2908	2040	WerFault.exe	51
2712	2044	WerFault.exe	68
2592	1036	WerFault.exe	69
4012	1656	WerFault.exe	115
2524	2092	WerFault.exe	113

pid	Process
2864	taskkill.exe
1076	taskkill.exe
1540	taskkill.exe
3096	taskkill.exe

description	pid	Process
Token: SeCreateTokenPrivilege	1812	Wed09db0d52c38.exe
Token: SeAssignPrimaryTokenPrivilege	1812	Wed09db0d52c38.exe
Token: SeLockMemoryPrivilege	1812	Wed09db0d52c38.exe
Token: SeIncreaseQuotaPrivilege	1812	Wed09db0d52c38.exe
Token: SeMachineAccountPrivilege	1812	Wed09db0d52c38.exe
Token: SeTcbPrivilege	1812	Wed09db0d52c38.exe
Token: SeSecurityPrivilege	1812	Wed09db0d52c38.exe
Token: SeTakeOwnershipPrivilege	1812	Wed09db0d52c38.exe
Token: SeLoadDriverPrivilege	1812	Wed09db0d52c38.exe
Token: SeSystemProfilePrivilege	1812	Wed09db0d52c38.exe
Token: SeSystemtimePrivilege	1812	Wed09db0d52c38.exe
Token: SeProfSingleProcessPrivilege	1812	Wed09db0d52c38.exe
Token: SeIncBasePriorityPrivilege	1812	Wed09db0d52c38.exe
Token: SeCreatePagefilePrivilege	1812	Wed09db0d52c38.exe
Token: SeCreatePermanentPrivilege	1812	Wed09db0d52c38.exe
Token: SeBackupPrivilege	1812	Wed09db0d52c38.exe
Token: SeRestorePrivilege	1812	Wed09db0d52c38.exe
Token: SeShutdownPrivilege	1812	Wed09db0d52c38.exe
Token: SeDebugPrivilege	1812	Wed09db0d52c38.exe
Token: SeAuditPrivilege	1812	Wed09db0d52c38.exe
Token: SeSystemEnvironmentPrivilege	1812	Wed09db0d52c38.exe
Token: SeChangeNotifyPrivilege	1812	Wed09db0d52c38.exe
Token: SeRemoteShutdownPrivilege	1812	Wed09db0d52c38.exe
Token: SeUndockPrivilege	1812	Wed09db0d52c38.exe
Token: SeSyncAgentPrivilege	1812	Wed09db0d52c38.exe
Token: SeEnableDelegationPrivilege	1812	Wed09db0d52c38.exe
Token: SeManageVolumePrivilege	1812	Wed09db0d52c38.exe
Token: SeImpersonatePrivilege	1812	Wed09db0d52c38.exe
Token: SeCreateGlobalPrivilege	1812	Wed09db0d52c38.exe
Token: 31	1812	Wed09db0d52c38.exe
Token: 32	1812	Wed09db0d52c38.exe
Token: 33	1812	Wed09db0d52c38.exe
Token: 34	1812	Wed09db0d52c38.exe
Token: 35	1812	Wed09db0d52c38.exe

description	pid	Process	procid_target
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1120 wrote to memory of 1428	1120	setup_installer.exe	29
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1388	1428	setup_install.exe	31
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1380	1428	setup_install.exe	32
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 1664	1428	setup_install.exe	33
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 976	1428	setup_install.exe	34
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 1680	1428	setup_install.exe	35
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 916	1428	setup_install.exe	36
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 1952	1428	setup_install.exe	37
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 544	1428	setup_install.exe	38
PID 1428 wrote to memory of 1268	1428	setup_install.exe	39

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads